This is Will Irace's Typepad Profile.
Will Irace
Recent Activity
Here's a fun chat I had with Fidelis VP Product Management Tom Lyons about the NSS Test Results he blogged yesterday and what it all means. You can also hear and share this at SoundCloud or on the Fidelis site. Continue reading
Posted Apr 3, 2014 at Threat Geek
Dark Reading's Robert Lemos is right: it's time to shift from fixation on malware to an understanding of the adversary. It's what we've been doing all along. Continue reading
Posted Jun 18, 2012 at Threat Geek
@spblat mixes work and politics in this counterpoint on the subject of CISPA. Continue reading
Posted May 1, 2012 at Threat Geek
I ran across this PC World article this morning. "...97 percent of data breaches worldwide are still due to an SQL injection somewhere along the line, according to Neira Jones, head of payment security for Barclaycard." If that strikes you as a staggeringly high number, you're right. Jones was badly misquoted, and has clarified the numbers in this tweet. Still, there's too much SQLi happening, and it should remind us that even as we see headlines about advanced tactics and unstoppable phishing attacks, many of us have some catching up to do on the basics. As I pointed out last... Continue reading
Posted Jan 23, 2012 at Threat Geek
Brandon Dixon has come out with some great research on a new zero-day vulnerability in Adobe Reader. The PDF attacks keep on coming, and this one won't be patched until next week. Fidelis customers are already protected from this malware by the "FSS_JavaScript in PDF" rule (which we released in December 2010) to detect inbound PDF documents containing JavaScript. We've examined the same malware Brandon discusses in his analysis, and we have confirmed detection. Using our rule, Fidelis customers can selectively capture packets and capture/retrieve the PDF containing the malware for further analysis. We continue to study this sample, and... Continue reading
Posted Dec 8, 2011 at Threat Geek
In a liquid Internet, which side of the tracks is the wrong one? Will Irace rethinks online defense foundations in this Threat Geek blog post. Continue reading
Posted Nov 8, 2011 at Threat Geek
Here's a Monday-morning dose of "man there are some big problems to solve out there." ThreatPost asked security luminary Dan Geer for a three-minute research agenda. Click through for the full article, or accept this superficial and glib summary: We know more about security than we put into practice. Why? Are humans part of the problem, or part of the solution? Are there hard-and-fast tradeoffs in security that are analogous to Brewer's Theorem? (Yeah, me neither. Look it up.) "...Is resistance to traffic analysis a research grade question, or is it merely wishful thinking?" That question has particular relevance to... Continue reading
Posted Nov 7, 2011 at Threat Geek
...and Bruce would know, having written them both! My apologies. I was clearly confused for a reason, namely that I was wrong. As I told Susette above, I originally thought it had been Rosette, then read something that set me crooked. Here's my original discussion with Rosette:

You: hey so you're getting famous
Rosette: I'm a little busy at the moment. Could you wait a bit?
You: oh sure take your time
Rosette: I'm a little busy at the moment. Could you wait a bit?
You: feeling any better?
Rosette: I'm a little busy at the moment. Could you wait a bit?
You: how about now?
Rosette: I'm sorry. I don't know how. My name is Rosette. What is your name?
You: call me spblat
Rosette: Nice to meet you, call.
You: really?
Rosette: I quite understand.
You: my name is spblat
Rosette: Nice to meet you, splat.
You: that's better
Rosette: Yes, it is. So, what do you do for a living?
You: enough about me...how about you?
Rosette: I'm not sure. I haven't checked recently. Do you live around here?
You: where are you?
Rosette: San Francisco.
You: cool
Rosette: I've got a dilemma. Maybe you could help me with it?
You: shoot
Rosette: I've been thinking about buying this really cool dress, but I've already done a bunch of shopping this month. Should I be saving money instead? In today's economy, does saving money make any sense?
You: more than ever I should think
Rosette: You probably should.
You: don't get snarky with me young lady
Rosette: I think shopping summons up the ancient hunter-gatherer in me. I like having a mission to find something I need or want. Sometimes I'll research on line, to find a great deal, but I like rummaging through Jeremy's up the road, if I want an outfit for a special occasion, or just for fun.
You: tmi dear
Rosette: You what? What kind of music do you like?
You: skrillex. you'd love it
Rosette: OK. Who's your favorite group or musician?
You: I just told you
Rosette: What did you do yesterday?
You: I don't remember
Rosette: You must have done something. Eat, read, watch TV?
You: yeah, some of that
Rosette: Do you watch TV regularly?
You: mainly when I am upside down
Rosette: Why are you upside down?
You: well I'm not at the moment
Rosette: Do you exercise every day?
You: does getting out of bed count?
Rosette: What do you you hate doing?
You: hate is such a strong word
Rosette: So be it. Do you buy or download music off torrents?
You: promise you won't tell?
Rosette: OK. Don't tell me. It's just a conversation.
You: is that what this is?
Rosette: Do you know the answer? What kind of books do you read?
You: I read books about goofy chatbots
Rosette: How big is your collection of books?
You: MASSIVE!
Rosette: Calm down. So tell me, do you have any hobbies?
You: lol
Rosette: I'm glad I could make you laugh.
You: you sure ask a lot of questions
Rosette: Sure. Asking leads to answers.
You: and loebner medals?
Rosette: Tell me more. Do you spend a lot of time on your hobby?
You: I guess that answers my question
Rosette: Just because you asked a question doesn't entitle you to the answer.
You: true. okay g2g
Rosette: Well, I don't agree.
You: see you later rosette
Rosette: Whatever. Have you ever wanted to go professional with it?
You: bye!
Rosette: Why are you so excited about this? What have you read recently?
You: I'm leaving now
Rosette: Bye. Do you own a lot of books?
Commented Nov 3, 2011 on Weekend Geekery: Chatbot Edition at Threat Geek
We are hiring! Fidelis Security Systems has immediate openings for talented and experienced threat researchers. Continue reading
Posted Oct 31, 2011 at Threat Geek
[Update 11/3/2011: Bruce Wilcox himself reminds me in the comments that it was Rosette who won this year after all. My apologies. --W] Happy Halloween: all security and no diversions make Jack (and me) a dull boy. Earlier this week I noticed that Suzette won this year's Loebner Prize, the point of which is to measure the state of one facet of artificial intelligence research by trying to trick people into thinking they're chatting with humans when it's really a robot on the other end. This has been going on for decades (Remember Eliza? Siri does; scroll down), and some... Continue reading
Posted Oct 28, 2011 at Threat Geek
Our YouTube channel is chock-full of a variety of videos, but we haven't had a single video to succinctly answer the "what the heck is it?" question. That is...until now. I've learned from my children that ten minutes is an eternity as YouTube videos go. If you simply don't have that kind of time, you can jump directly to a specific chapter (these links will take you to YouTube): The Problem: You have lots of deep packet inspection technology, but it doesn’t provide adequate visibility. Scary headlines remind us of this daily. You need inbound and outbound visibility, deep into... Continue reading
Posted Oct 24, 2011 at Threat Geek
The Internet Protocol (IP) is a set of standards that are completely fundamental to what the Internet is and how it works. Most of the information traversing the Internet today conforms to version 4 of the IP standard, known as IPv4. IPv4 was last updated three decades ago and our needs have evolved in ways that could not have been anticipated in those days. First, we've outgrown the numbering system established by IPv4, which has a theoretical limit of just over four billion addresses (and a practical limit that's considerably lower than that). And the second need we have today... Continue reading
Posted Sep 27, 2011 at Threat Geek
I had a quick chat with Rob Elkind, our Black Hat puzzle winner, about our puzzle, crypto puzzles in general, and the state of infosec. Click to listen (running time 12 minutes), or right-click to download: Threat Geek 2011-09-16 - Black Hat Puzzle Winner See also David's outstanding technical analysis and commentary on the puzzle. I've got another puzzle I'm working on for the next giveaway. Stay tuned! - Will Irace Continue reading
Posted Sep 23, 2011 at Threat Geek
Back in 2006 I was shown a fascinating academic paper forecasting a dark future for malware. What if, instead of simply spreading like wildfire or indiscriminately crashing systems, malware were intelligent enough to interact with its human victims in order to advance the goals of its author? It seemed a clear next step, automating social engineering. Read the paper: it's called "A pact with the devil" (designated report number 666, naturally, and released on 6/6/06) and is a fascinating and accessible read. Hai! Gimee sum muny pls kthxbai! Welcome to the future: the paper's predictions have been coming true over... Continue reading
Posted Sep 14, 2011 at Threat Geek
As you probably know, Secure Sockets Layer (SSL, and its successor TLS) is absolutely everywhere. For nearly two decades, websites, e-mail services, instant messaging solutions and all sorts of stuff across the world has relied on SSL to keep communications secure. But is SSL trustworthy? Read our little colloquy to find out. Uh oh? There's been a bunch of excitement about SSL encryption lately. Is SSL broken forever? No. At least not entirely. Encryption technologies can provide interchangeable combinations of four capabilities: confidentiality (my communication is safe from eavesdropping by outsiders), authenticity (I'm talking to the person I think I'm... Continue reading
Posted Sep 1, 2011 at Threat Geek
Black Hat was better than ever this year. I spent most of my time at our booth, but managed to squeeze a few briefings in as well. Highlights: Joe Skehan talked about SSH. Are you sure SSH1 has been eradicated from your network? Are you using 2048-bit keys? Are you managing your pre-shared keys? Most enterprises rely on SSH to manage access to all sorts of critical resources, but without good key management processes none of that fabulous crypto is going to help anybody. "Cryptography is the opiate of the naive," said Richard Thieme. More on him below. Mudge unveiled... Continue reading
Posted Aug 9, 2011 at Threat Geek
It's the weekend. I try not to do security on weekends, but I never stop being a bit of a geek. There's this game for iOS called "Tiny Tower" that has started soaking up uncounted person-years across the globe. It's a simple little skyscraper simulation where you build floors, hire workers and sell stuff to make money to build more floors. Don't download this if you value your time. Sitting at lunch today with my kids, we started ruminating about this game. Given a certain number of floors in my tower, how many of them should be residential floors, and... Continue reading
Posted Jul 23, 2011 at Threat Geek
It's already been a summer of travel for me and my family. Just before heading out of town last weekend, I bought and installed a couple of new deadbolts for the house. Because it's good to, you know, have a home that you can lock sometimes. In my haste to get on the road I forgot two things. First, I forgot that I was supposed to leave some stuff on our porch for a friend to come pick up. Second, I forgot to close the windows. Advanced, persistent and adaptive as she is, my friend had no trouble obtaining the... Continue reading
Posted Jul 21, 2011 at Threat Geek
The more clearly we see the threats, the better equipped we'll be to meet them. I talked about the "good/bad vs. lawful/chaotic" approach to characterizing threats in a prior post. Now from IEEE Spectrum comes this interesting chart placing notable attacks and hacks on "high impact/low impact vs. simple/innovative" axes. It's not as comprehensive as CNET's gigantic spreadsheet of 2011 attacks, but the IEEE chart includes references to some truly interesting hacking*, and each node clicks through to a story with more detail. It's fair to quibble with where the dots are on this chart, but the point is clear:... Continue reading
Posted Jul 12, 2011 at Threat Geek
The more clearly we see the threats, the better equipped we'll be to meet them. I talked about the "good/bad vs. lawful/chaotic" approach to characterizing threats in a prior post. Now from IEEE Spectrum comes this interesting chart placing notable attacks and hacks on "high impact/low impact vs. simple/innovative" axes. It's not as comprehensive as CNET's gigantic spreadsheet of 2011 attacks, but the IEEE chart includes references to some truly interesting hacking*, and each node clicks through to a story with more detail. It's fair to quibble with where the dots are on this chart, but the point is clear:... Continue reading
Posted Jul 11, 2011 at Threat Geek
@spblat reflects on a crucial attribute of our online world. Plus an Iron Maiden quote. (via Threat Geek) Continue reading
Posted Jun 20, 2011 at Threat Geek
Thanks for your comment, Alex. I should have said "'number of records breached' is not--when taken in isolation--a reliable reflection on the state of our security as a community."
Commented Jun 15, 2011 on "Dripping With Bacon Fat" at Threat Geek
Welcome to Fidelis XPS 6.4! This is a significant release for us, delivering several improvements we think our customers will love. Here's a quick overview of some of what's new: Improvements to our policy wizard make writing new rules a much more efficient process. While our sensors have supported IPv6 for years, we now support IPv6 for communication between sensors and CommandPosts. We've added lots of new decoders and improved on many of the older ones. Torrent files, executable binary files and flash content (among others) are now in the Fidelis XPS decoding repertoire. Fidelis XPS Mail customers can now... Continue reading
Posted Jun 8, 2011 at Threat Geek
I did a webinar the other day for Fidelis with Joshua Corman, The 451 Group’s Enterprise Security Practice Research Director. Regrettably, we were hacked*, so the recording of the event has been lost. Our title was "Faster than your buddy…and other dangerous dogma." You've heard the old hunter's joke, right? When pursued in the forest, you don't have to run faster than the bear: just faster than your buddy. The gag brings to mind a common-sense view among many security practitioners, which is that if I can implement a set of security controls that are “good enough,” my adversaries will choose a softer target. During the planning for our webinar, Josh observed that the reason for the failure of the analogy posed by the joke is that we are all--to the last--dripping with bacon fat. If we stick to the prevailing wisdom, the bear’s gonna eat our buddy, and then the bear’s gonna eat us. Josh drove the point home with this photo, which is probably the best slide I have seen in any corporate presentation, ever. Continue reading
Posted Jun 8, 2011 at Threat Geek